This page provides notes on setting up self-custodial zaps using the nostdress fork by believethehype (https://github.com/believethehype/nostdress).
Pre-requisites
- Lightning Node running and tested
- Server with OS installed to run nostdress. A Raspberry Pi 4 running the 64-bit Raspberry Pi OS Lite was used; however, the instructions should work for other Debian or Ubuntu Linux systems.
- A free Cloudflare account and a domain name to be used for the Lightning address set up in Cloudflare. Note that this guide doesn’t fully cover the Cloudflare setup.
Diagram
The following diagram provides an overview of the setup.
Installing Nostdress
Install Go
sudo apt install snapd
sudo reboot
sudo snap install core
sudo snap install go --classic
Install Nostdress
Create a user for nostdress
sudo adduser --gecos "" --disabled-password nostdress
Become the nostdress user
sudo su - nostdress
Download nostdress from the Git repository
git clone https://github.com/believethehype/nostdress.git
Build nostdress
cd nostdress
go build
Configure Nostdress
Generate a new Nostr key pair to be used for signing zap events. This should be a separate key pair from the one you use for Nostr.
Copy the .env.example file to .env and edit the .env file
cp .env.example .env
vi .env
Replace the sections in <> to match your configuration
HOST="0.0.0.0"
PORT=17423
DOMAIN="<yourdomain.org - domain configured in Cloudflare for receiving zaps>"
SECRET="69420"
SITE_OWNER_NAME="<yourname>"
SITE_OWNER_URL="<http://yourdomain.org>"
SITE_NAME="<yourname>"
NOSTR_PRIVATE_KEY="<new Nostr private key, nsec format>"
FORWARD_URL="/somepageyouwanttoshowdontuseoptionifnone"
NIP05=true
GET_NOSTR_PROFILE=false
LND_PRIVATE_ONLY=false
DB_DIR="./"
RELAYS="wss://nostr.mutinywallet.com,wss://relay.nostrgraph.net,wss://blastr.f7z.xyz,wss://relay.damus.io/,wss://relay.utxo.one,wss://relay.nostr.ch,wss://eden.nostr.land,wss://nostr.btcmp.com,wss://nostr.relayer.se,wss://relay.current.fyi,wss://nos.lol,wss://nostr.mom,wss://relay.nostr.info,wss://nostr.zebedee.cloud,wss://nostr-pub.wellorder.net,wss://relay.snort.social/,wss://nostr.oxtr.dev/,wss://nostr.fmt.wiz.biz/,wss://brb.io"
Manually run nostdress to ensure no errors are seen
./nostdress
Press ctrl-c to exit.
Create a systemd unit file to run nostdress
sudo vi /etc/systemd/system/nostdress.service
Add the following configuration to the file
[Unit]
Description=nostdress
After=network.target
[Service]
WorkingDirectory=/home/nostdress/nostdress
ExecStart=/home/nostdress/nostdress/nostdress
KillSignal=SIGINT
Type=simple
Restart=always
RestartSec=30
TimeoutSec=240
User=nostdress
[Install]
WantedBy=multi-user.target
Enable and start nostdress
sudo systemctl enable nostdress
sudo systemctl start nostdress
Install Cloudflared
curl -L https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/cloudflare-archive-keyring.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list
sudo apt update
sudo apt install cloudflared
Establish the Cloudflare tunnel connection
cloudflared tunnel login
Follow the instructions to retrieve the certificate from Cloudflare.
Create the tunnel in the Cloudflare Zero Trust dashboard:
Cloudflared is already installed, so copy and paste the section of code highlighted in red.
Check that the status of the tunnel shows as “Healthy” in the Zero Trust dashboard.
Add a “Public Hostname” to send traffic to nostdress running on your server (127.0.0.1 port 17423 by default)
You should now be able to access the page to set up the Lightning address and connection to the Lightning node at https://yourdomain.org/lnaddress.
Enter the username that you wish to use and the connection details for the Lightning node. The IP address should be the internal IP address of your Lightning node, port 8080. Enter your Nostr public key if you wish to receive DMs for zaps.
Submit the changes, and if successful a test invoice will be generated.
Create a new WAF (Web Application Firewall) rule in Cloudflare to block URLs that shouldn’t be publicly accessible, with the following expression and the action set to “Block”:
(http.request.uri.path contains "/lnaddress") or (http.request.uri.path contains "/claim") or (http.request.uri.path contains "/api") or (http.request.uri.path contains "/grab")
Verify that https://yourdomain.org/lnaddress is now blocked.
Change your Nostr Lightning address and test to confirm that zaps are working correctly!
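The last two checks can be scripted so they are easy to repeat after any change to the tunnel or WAF rule. This is an added example, not part of the original guide or of nostdress; it assumes Cloudflare's default block response (HTTP 403) and the Lightning address endpoint /.well-known/lnurlp/<username> with the NIP-57 fields allowsNostr and nostrPubkey. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from nostdress): post-setup checks for the WAF rule and zaps.
# Usage: sh verify-zaps.sh yourdomain.org yourusername

# Paths the WAF rule in this guide is meant to block.
BLOCKED_PATHS="/lnaddress /claim /api /grab"

# http_status URL -> prints the HTTP status code (000 if the request failed).
http_status() {
    curl -s -o /dev/null -m 15 -w '%{http_code}' "$1"
}

# waf_verdict STATUS -> classifies a status code for a path that must be blocked.
# Assumption: the WAF "Block" action answers with Cloudflare's default HTTP 403.
waf_verdict() {
    case "$1" in
        403) echo blocked ;;
        000) echo unreachable ;;
        *)   echo exposed ;;
    esac
}

# zap_ready JSON -> exit 0 if the LNURL-pay response advertises zap support:
# allowsNostr must be true and nostrPubkey must be a 32-byte hex public key.
zap_ready() {
    flat=$(printf '%s' "$1" | tr -d ' \n\t')
    printf '%s' "$flat" | grep -q '"allowsNostr":true' &&
    printf '%s' "$flat" | grep -Eq '"nostrPubkey":"[0-9a-f]{64}"'
}

# verify_setup DOMAIN USERNAME -> one line per check; non-zero if any check fails.
verify_setup() {
    domain=$1; user=$2; rc=0
    for p in $BLOCKED_PATHS; do
        v=$(waf_verdict "$(http_status "https://$domain$p")")
        echo "$p: $v"
        [ "$v" = blocked ] || rc=1
    done
    body=$(curl -s -m 15 "https://$domain/.well-known/lnurlp/$user")
    if zap_ready "$body"; then
        echo "lnurlp/$user: zap-enabled"
    else
        echo "lnurlp/$user: allowsNostr/nostrPubkey missing"; rc=1
    fi
    return $rc
}

# Only touch the network when a domain and username are given.
if [ $# -eq 2 ]; then verify_setup "$1" "$2"; fi
```

Run it from a machine outside your network so the requests go through Cloudflare rather than directly to the server.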